3/14/2019

1

HIPAA Privacy and

Social Media:

Or how to create a Culture of Confidentiality

Melissa Mitchell, JD,

CHC, CPC-A

Carlos Cruz, JD,

MHA

Five W’s of the “Speak Up” Culture

Melissa Mitchell, JD, CHC, CPC-A Chief Compliance OfficerSystem Director Medical Staff OfficeSinai Health SystemChicago, IL

melissa.mitchell@sinai.org@melissajmitch

Carlos Cruz, JD, MHAChief Compliance OfficerTri-City Medical Center Oceanside, CA

CruzC@TCMC.com

3/14/2019

2

Culture of Confidentiality: HIPAA plus

Two Case Studies:

Sinai: Confidentiality on the brink

Tri-City: A new day…a new way

Lessons Learned

Questions

Agenda

Health Insurance Portability and Accountability Act of 1996

What were you doing in 1996?

What were you doing in

1996?

3/14/2019

3

Social Media: An Explosion

The New Norm

Used by 74% of internet users

80% using platforms to research physicians, hospitals, and medical news and information

Powerful Marketing Tool

General Information to the public

Sharing of experiences

Meaning…. HIPAA breaches INVOLVING

social media are on the rise!

Office of Civil Rights (OCR): responsible for enforcement of HIPAA

Penalties can be significant:

Civil Money Penalties: fines ranging from $100 –$1,500,000

Criminal Penalties: fines up to $250,000 and up to 10 years in prison

Other consequences of violating HIPAA include lawsuits, the loss of a medical license, or employee termination.

And don’t forget…. reputational harm! (Don’t be on the wall of shame).

3/14/2019

4

But really… why? 

How do we usually approach HIPAA v. How we should

Protection

Under-inclusive

A tool

Promoting better care

Constantly evolving

Burdensome

Over-inclusive

A pain in the neck

Hindering care

Old school

The Case of the Nurse on Instagram

3/14/2019

5

But really… why? 

We want to go above and beyond the requirements of HIPAA.

We want to evolve.

We want to maintain a confidential and empathetic environment for our patients.

We want to create a CULTURE OF CONFIDENTIALITY.

Creating and Maintaining a Culture of Confidentiality on the South and West sides of Chicago

Sinai Health System: 2016

Impact on privacy but also:

How Caregivers represent themselves

How Caregivers represent Sinai Health System

How Caregivers interact with each other

3/14/2019

6

Case Study #1Tri-City: A New Day…A New Way

Tri-city: A public hospital district

Opened in 1961; located in Oceanside, CA Community owned and operated

Serves the communities of Vista, Carlsbad and Public agency of the State of California

Affiliated with UC San Diego Safety net

Hospital (388 Beds); Two advanced clinical institutes for cardiovascular and orthopedic care; 700 physicians practicing in 60 specialties

Challenges Reduction in patient volumes Tightening of margins Loss of DSH $

3/14/2019

7

Build upon the foundation: Culture of Confidentiality

Project Timeline

Revise Privacy Training

Initiate Staff Rounding

Town Halls and Monthly Compliance newsletter

Educate operational leadership: help spread

the word

Build upon the foundation

Education, education, education

Relationship building and

communication

• Revise Current Training• Increase focus on

“Culture of Confidentiality” concept

• Initiated Staff Rounding• Compliance Newsletter• “Town Halls”

3/14/2019

8

Tri-City’s Culture of Confidentiality Journey:

“A journey of a thousand miles begins with a single step.”

Lao Tzu

“I am not sure what a “Culture of Confidentiality means…”

• The 5 W’s of Compliance • What does the concept mean? • How have other organizations dealt with

this issue?

Education, education, education

3/14/2019

9

Culture is changing…. slowly

Increase in Privacy issues being raised• Hotline, in person, via

email

Increase in Privacy-related questions• Consult requests

have increased since onset of program

A significant issue is discussed (and

used as a learning

opportunity)

The Case of the CT Scan Selfie

Privacy issue: Investigation and corrective action Radiology Team Inappropriate selfie California Department of Public Health report and

fines Media coverage Employee Corrective Action Plan

Education Provided

3/14/2019

10

But really… why? 

Case Study #2

Sinai Health System:

Confidentiality on the Brink

Serving Chicago’s south and southwest side Safety Net 3 hospitals, 695 beds, 300 physicians, 1 Level I

trauma center, 1 community institute, 1 urban health institute, 4,000 Caregivers

Be Stronger

Care Harder

Love Deeper

3/14/2019

11

Culture of Confidentiality: From infancy to teenager

When I first asked people to speak up, this happened: [insert cricket noise here]

When I First Told People About the Culture of Confidentiality:

3/14/2019

12

“I am not sure this is a 

compliance issue but…”

Then I became the social media police.

Someone said something bad about Sinai on Facebook Can I post a picture of

my Sinai badge?

What if I post on Facebook that I hate all my co-workers?

Someone is saying something mean on Twitter

Can my department create their own Twitter page?

Partnership with marketing and HR department

Education on separation of issues

Encouraging auditing and monitoring across the board

Emphasizing how we use the CoC to help us and to help us help our patients

Now the focus is collaboration.

3/14/2019

13

Top Down Approach

Education, education, education

Make it good, tell a story. NY Med

Tell a GOOD story.

Tell them WHY. Personal, reputational, and government repercussions.

3/14/2019

14

Top Down Approach

No man is an island

Collaboration is key

This is not just a compliance issue!

HR Marketing Operational

Top Down Approach

BE the social media police

Auditing and monitoring (you WILL find things)

Recruit others to do the same

Talk about your finds….a lot

3/14/2019

15

Top Down Approach

Respond quickly and effectively

Step one is always: “take it down” Nurse on Snapchat

You can ask questions during steps two through 100.

If you educate, repeat training steps: Tell a story Tell them why (personal,

reputation, and government repercussions)

Top Down Approach

Be ready to separate HIPAA and the CoC, if

necessary

Do you need a CoC? YES!

Do you need to report on CoCissues? MAYBE?

3/14/2019

16

Tell us about your social

mediavictories.

Tell us about your social

media challenges.

Tell us how you have changed your culture

(confidentiality-wise or

otherwise).

Questions?

Thank you!

Carlos CruzCruzC@TCMC.com

Melissa Mitchellmelissa.mitchell@sinai.org